A database encryption configuration method and device, electronic equipment and storage medium
By configuring the target encryption algorithm for the database on the server side, the problem of cumbersome client-side code modification in existing technologies is solved, enabling customized encryption requirements and transparent encryption effects, and reducing development costs.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: JINAN INSPUR DATA TECH CO LTD
- Filing Date: 2023-06-08
- Publication Date: 2026-06-26
AI Technical Summary
In existing technologies, database encryption methods require cumbersome code modifications on the client side, leading to increased development costs, and MariaDB databases lack sufficient encryption algorithm support.
By obtaining the target configuration requirements of the database on the server side, calling the target configuration file, modifying the encryption attribute parameters, and configuring global encryption parameters, the database can support user-defined encryption algorithms, avoiding the need for client code modification.
It enables users to customize encryption requirements without changing the original functions of the database, reducing development costs and providing transparent encryption effects.
Figure CN116680715B_ABST
Description
Technical Field
[0001] This application relates to the field of database technology, and in particular to a database encryption configuration method, apparatus, electronic device and storage medium.
Background Technology
[0002] With the increasing use of databases, higher levels of security are required. Therefore, many database products need to support database data encryption. However, database servers typically support only specified encryption algorithms. For example, MariaDB itself supports only AES_CBC and AES_CTR and no other encryption algorithms. Most users have custom encryption requirements, making the configuration of database encryption methods a key research area.
[0003] In existing technologies, data is typically encrypted using a specified algorithm on the client side, and then the encrypted data is transmitted to the server so that the server can directly store the encrypted data.
[0004] However, when other clients need to read the encrypted data stored on the server, the client code needs to be modified accordingly so that other clients can read the decrypted data. The client code modification process is cumbersome and increases development costs.
Summary of the Invention
[0005] This application provides a database encryption configuration method, apparatus, electronic device, and storage medium to address the shortcomings of existing technologies, such as increased development costs.
[0006] The first aspect of this application provides a database encryption configuration method, including:
[0007] Obtain the target configuration requirements for the database;
[0008] Based on the target encryption algorithm represented by the target configuration requirements, the target configuration file of the database is invoked;
[0009] Based on the target encryption algorithm parameter information represented by the target configuration file, modify the encryption attribute parameters of the database;
[0010] Based on the modification results of the encryption attribute parameters of the database, configure the global encryption parameters of the database so that the database can perform data encryption and decryption based on the target encryption algorithm.
[0011] Optionally, the step of calling the target configuration file of the database according to the target encryption algorithm characterized by the target configuration requirements includes:
[0012] Based on the target encryption algorithm represented by the target configuration requirements, determine the target configuration file of the database;
[0013] Replace the original configuration file of the database with the target configuration file to switch the encryption algorithm of the database from the original encryption algorithm to the target encryption algorithm.
[0014] Optionally, the method further includes:
[0015] When the database is switched from the target encryption algorithm to the original encryption algorithm, the target configuration file of the database is replaced with the original configuration file, so that the encryption algorithm of the database is switched from the target encryption algorithm to the original encryption algorithm.
[0016] Optionally, modifying the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file includes:
[0017] Read the database configuration parameters from the target configuration file;
[0018] Filter the target encryption algorithm parameter information in the configuration parameters;
[0019] Based on the target key length represented by the target encryption algorithm parameter information, the encryption attribute parameters of the database are modified; wherein, the encryption attribute parameters include the key length.
[0020] Optionally, modifying the encryption attribute parameters of the database based on the target key length characterized by the target encryption algorithm parameter information includes:
[0021] Based on the key length represented by the target encryption algorithm parameter information, determine whether the database has adopted the target encryption algorithm;
[0022] If it is determined that the database has adopted the target encryption algorithm, the key length in the encryption attribute parameters of the database is modified to the target key length.
[0023] Optionally, configuring the global encryption parameters of the database based on the modification result of the encryption attribute parameters of the database includes:
[0024] Once the modification result of the encryption attribute parameters of the database indicates that the encryption attribute parameters of the database have been modified, the global encryption parameters corresponding to the target encryption algorithm are configured into the encryption and decryption system of the database.
[0025] Optionally, configuring the global encryption parameters corresponding to the target encryption algorithm into the encryption/decryption system of the database includes:
[0026] When the database first performs data encryption and decryption based on the target encryption algorithm, the target encryption algorithm is used as the global encryption algorithm, and corresponding global encryption parameters are generated.
[0027] Configure the global encryption parameters into the encryption and decryption system of the database so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm;
[0028] The encryption/decryption system includes at least a key file management module and a database engine encryption module.
[0029] A second aspect of this application provides a database encryption configuration apparatus, comprising:
[0030] The acquisition module is used to acquire the target configuration requirements of the database;
[0031] The calling module is used to call the target configuration file of the database according to the target encryption algorithm represented by the target configuration requirements;
[0032] The modification module is used to modify the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file;
[0033] The configuration module is used to configure the global encryption parameters of the database according to the modification result of the encryption attribute parameters of the database, so that the database can perform data encryption and decryption based on the target encryption algorithm.
[0034] Optionally, the calling module is specifically used for:
[0035] Based on the target encryption algorithm represented by the target configuration requirements, determine the target configuration file of the database;
[0036] Replace the original configuration file of the database with the target configuration file to switch the encryption algorithm of the database from the original encryption algorithm to the target encryption algorithm.
[0037] Optionally, the calling module is further configured to:
[0038] When the database is switched from the target encryption algorithm to the original encryption algorithm, the target configuration file of the database is replaced with the original configuration file, so that the encryption algorithm of the database is switched from the target encryption algorithm to the original encryption algorithm.
[0039] Optionally, the modification module is specifically used for:
[0040] Read the database configuration parameters from the target configuration file;
[0041] Filter the target encryption algorithm parameter information in the configuration parameters;
[0042] Based on the target key length represented by the target encryption algorithm parameter information, the encryption attribute parameters of the database are modified; wherein, the encryption attribute parameters include the key length.
[0043] Optionally, the modification module is specifically used for:
[0044] Based on the key length represented by the target encryption algorithm parameter information, determine whether the database has adopted the target encryption algorithm;
[0045] If it is determined that the database has adopted the target encryption algorithm, the key length in the encryption attribute parameters of the database is modified to the target key length.
[0046] Optionally, the configuration module is specifically used for:
[0047] Once the modification result of the encryption attribute parameters of the database indicates that the encryption attribute parameters of the database have been modified, the global encryption parameters corresponding to the target encryption algorithm are configured into the encryption and decryption system of the database.
[0048] Optionally, the configuration module is specifically used for:
[0049] When the database first performs data encryption and decryption based on the target encryption algorithm, the target encryption algorithm is used as the global encryption algorithm, and corresponding global encryption parameters are generated.
[0050] Configure the global encryption parameters into the encryption and decryption system of the database so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm;
[0051] The encryption/decryption system includes at least a key file management module and a database engine encryption module.
[0052] A third aspect of this application provides an electronic device, comprising: at least one processor and a memory;
[0053] The memory stores computer-executed instructions;
[0054] The at least one processor executes computer execution instructions stored in the memory, causing the at least one processor to perform the method described in the first aspect above and various possible designs of the first aspect.
[0055] The fourth aspect of this application provides a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the method described in the first aspect above and various possible designs of the first aspect.
[0056] The technical solution of this application has the following advantages:
[0057] This application provides a database encryption configuration method, apparatus, electronic device, and storage medium. The method includes: obtaining the target configuration requirements of the database; calling the target configuration file of the database according to the target encryption algorithm represented by the target configuration requirements; modifying the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file; and configuring the global encryption parameters of the database according to the modification result of the encryption attribute parameters, so that the database can perform data encryption and decryption based on the target encryption algorithm. The method provided above, by configuring the database with corresponding encryption on the server side according to the target configuration requirements, enables the database to support user-defined encryption requirements without changing the original functionality of the database. The client does not need to make any code modifications, reducing the development cost of the database.
Attached Figure Description
[0058] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings.
[0059] Figure 1 is a schematic diagram of the database encryption configuration system on which the embodiments of this application are based;
[0060] Figure 2 is a flowchart illustrating the database encryption configuration method provided in this application embodiment;
[0061] Figure 3 is a flowchart illustrating an exemplary database encryption configuration method provided in this application embodiment;
[0062] Figure 4 is a flowchart illustrating another exemplary database encryption configuration method provided in this application embodiment;
[0063] Figure 5 is a schematic diagram of the structure of the database encryption configuration device provided in the embodiments of this application;
[0064] Figure 6 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application.
[0065] The accompanying drawings have illustrated specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the present disclosure in any way, but rather to illustrate the concepts of this application to those skilled in the art through reference to particular embodiments.
Detailed Implementation
[0066] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0067] Furthermore, the terms "first," "second," etc., are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. In the following descriptions of embodiments, "a plurality of" means two or more, unless otherwise explicitly defined.
[0068] In existing technologies, custom encryption of data involves modifying the client-side logic. The client encrypts the data, which is then transmitted to the server, where the server program saves the encrypted data (hereinafter referred to as ciphertext) to a file. The drawback of this method is that it requires modification of the client-side code, specifically any part of the client-side code involved in the encryption. If one client encrypts certain data, other clients reading that data also need to decrypt it, requiring modifications to multiple clients. The aforementioned methods of encrypting a database therefore incur significant development costs, while encrypting data with MariaDB's TDE functionality has the problem of insufficient encryption algorithm support. Transparent Data Encryption (TDE) makes the encryption of database data transparent to the client: after connecting to the server, the database content seen through SQL commands appears normal, not ciphertext. However, if the database file is directly copied or the database disk is removed, the file content will be ciphertext.
[0069] To address the aforementioned issues, this application provides a database encryption configuration method, apparatus, electronic device, and storage medium. The method includes: obtaining the target configuration requirements of the database; calling the target configuration file of the database according to the target encryption algorithm represented by the target configuration requirements; modifying the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file; and configuring the global encryption parameters of the database according to the modification result of the database's encryption attribute parameters, so that the database performs data encryption and decryption based on the target encryption algorithm. The method provided above, by configuring the database with corresponding encryption on the server side according to the database's target configuration requirements, enables the database to support user-defined encryption requirements without changing the original functionality of the database. The client does not need to make any code modifications, reducing the development cost of the database.
[0070] The following specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of the present invention will now be described with reference to the accompanying drawings.
[0071] First, the structure of the database encryption configuration system on which this application is based will be described:
[0072] The database encryption configuration method, apparatus, electronic device, and storage medium provided in this application are applicable to configuring database encryption. As shown in Figure 1, the database encryption configuration system on which the embodiments of this application are based mainly includes a data acquisition device, a database, and a database encryption configuration device. Specifically, the data acquisition device can collect target configuration requirements from the data, and then send these requirements to the database encryption configuration device. The database encryption configuration device then performs corresponding encryption configuration on the database according to the obtained target configuration requirements, so that the database encrypts and decrypts data according to the target encryption algorithm specified in the target configuration requirements.
[0073] This application provides a database encryption configuration method for encrypting and configuring a database. The execution subject of this application embodiment is an electronic device, such as a server, desktop computer, laptop computer, tablet computer, or other electronic devices that can be used for database encryption configuration.
[0074] Figure 2 is a flowchart illustrating a database encryption configuration method provided in an embodiment of this application. The method includes:
[0075] Step 201: Obtain the target configuration requirements for the database.
[0076] The target configuration requirements should include at least information such as the target encryption algorithm. Taking MariaDB as an example, its original encryption algorithm is AES, but the target configuration requirements can specify that its encryption algorithm should be SM4, etc.
[0077] Step 202: Based on the target encryption algorithm represented by the target configuration requirements, call the target configuration file of the database.
[0078] It should be noted that different encryption algorithms have different configuration files, and the original encryption algorithm of the database is equipped with a corresponding original configuration file.
[0079] Specifically, a configuration file for the target encryption algorithm can be preset. When the database needs to perform data encryption and decryption based on the target encryption algorithm, the target configuration file of the target encryption algorithm is called for the database so that the database can run the target encryption algorithm based on the target configuration file.
[0080] Step 203: Modify the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file.
[0081] Specifically, after obtaining the target configuration file of the database, in order for the database to run the target configuration file successfully, the database can be configured with corresponding parameters according to the target encryption algorithm parameter information recorded in the target configuration file, that is, the encryption attribute parameters of the database can be modified so that the database can be compatible with the target configuration file.
[0082] Step 204: Based on the modification results of the database's encryption attribute parameters, configure the database's global encryption parameters so that the database can encrypt and decrypt data based on the target encryption algorithm.
[0083] It should be noted that the database data involves encryption of multiple parts of the data, such as encrypted interactive data, encrypted log data, and encrypted engine data.
[0084] Specifically, to ensure that all parts of the database use a unified encryption algorithm and avoid encryption/decryption errors, after the encryption attribute parameters of the database are modified to adapt to the target encryption algorithm, global encryption parameters of the database can be configured so that all parts of the database use the target encryption algorithm for data encryption and decryption.
[0085] Based on the above embodiments, in order not to affect the original functionality of the database, as an implementable approach, in one embodiment, calling the target configuration file of the database according to the target encryption algorithm characterized by the target configuration requirements includes:
[0086] Step 2021: Determine the target configuration file for the database based on the target encryption algorithm represented by the target configuration requirements;
[0087] Step 2022: Replace the original configuration file of the database with the target configuration file to switch the encryption algorithm of the database from the original encryption algorithm to the target encryption algorithm.
[0088] The original configuration file is the configuration file corresponding to the original encryption algorithm.
[0089] Specifically, in one embodiment, when the database switches from the target encryption algorithm to the original encryption algorithm, the target configuration file of the database can be replaced with the original configuration file so that the encryption algorithm of the database is switched from the target encryption algorithm to the original encryption algorithm.
[0090] Taking MariaDB as an example: because the encryption method affects database performance, support for the SM4 encryption algorithm (the target encryption algorithm) has been added in a way that leaves the original functionality unaffected after the encryption method changes and lets MariaDB perform TDE configuration and cleanup operations according to its original configuration. The original functions and operation methods remain unchanged, and the database can switch seamlessly among the unencrypted state, AES (the original encryption algorithm), and SM4. Where SM4 encryption is required, the existing MariaDB configuration file is replaced as a whole rather than edited. This ensures that data encryption using SM4 can be performed at any time without affecting the original functionality. Alternatively, one can switch to AES encryption or revert to an unencrypted state.
[0091] Based on the above embodiments, as one implementable approach, in one embodiment, the encryption attribute parameters of the database are modified according to the target encryption algorithm parameter information represented by the target configuration file, including:
[0092] Step 2031: Read the database configuration parameters from the target configuration file;
[0093] Step 2032: Filter the target encryption algorithm parameter information in the configuration parameters;
[0094] Step 2033: Modify the encryption attribute parameters of the database according to the target key length represented by the target encryption algorithm parameter information; wherein, the encryption attribute parameters include the key length.
[0095] Specifically, in one embodiment, it can be determined whether the database has adopted the target encryption algorithm based on the key length represented by the target encryption algorithm parameter information; if it is determined that the database has adopted the target encryption algorithm, the key length in the database's encryption attribute parameters is modified to the target key length.
[0096] It should be noted that the key length for the AES encryption algorithm in the MariaDB database is 256 bits, which is the default value. The key length for the SM4 encryption algorithm is 128 bits. The database configuration process has been modified to check whether the encryption algorithm is SM4. If it is SM4, the key length is changed to 128 bits.
[0097] For example, Figure 3 illustrates an exemplary database encryption configuration method according to an embodiment of this application. First, configuration parameters are obtained from the current configuration file (target configuration file) used by the database. Then, the configuration parameters related to the encryption algorithm (key length), i.e., the target encryption algorithm parameter information, are extracted. If the read configuration parameters indicate that the database uses the target encryption algorithm (SM4), the database's encryption attribute parameters are modified to change the key length to 128 bits. The 128-bit key is then used to decrypt the currently encrypted key file to obtain the decrypted key file. If the read configuration parameters indicate that the database does not use the target encryption algorithm (SM4), the 256-bit key is used to decrypt the currently encrypted key file to obtain the decrypted key file.
[0098] Based on the above embodiments, as an implementable approach, in one embodiment, the global encryption parameters of the database are configured according to the modification result of the database's encryption attribute parameters, including:
[0099] Step 2041: Once the modification result of the encryption attribute parameters of the database indicates that the modification of the encryption attribute parameters is complete, configure the global encryption parameters corresponding to the target encryption algorithm into the encryption and decryption system of the database.
[0100] It should be noted that the modules in the original AES encryption flow do not all use the same encryption algorithm. If encryption and decryption are performed according to the SM4 encryption algorithm configured in the configuration file, other modules such as logs, which use a fixed encryption algorithm (the original encryption algorithm), will be given the SM4 encryption algorithm key. Since the key lengths of the two are different, an error will occur.
[0101] Specifically, to avoid the aforementioned problems, after modifying the encryption attribute parameters of the database, such as changing the key length to 128 bits, the global encryption parameters corresponding to the target encryption algorithm can be configured in the database's encryption and decryption system. This ensures that all modules in the encryption and decryption system use the target encryption algorithm, and all keys use 128 bits. The global encryption parameters are used to record the encryption algorithm currently used by the database.
[0102] Specifically, in one embodiment, when the database performs data encryption and decryption based on the target encryption algorithm for the first time, the target encryption algorithm is used as the global encryption algorithm, and corresponding global encryption parameters are generated. The global encryption parameters are configured in the database's encryption and decryption system so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm.
[0103] The encryption/decryption system includes at least a key file management module and a database engine encryption module. Taking MariaDB as an example, MariaDB uses encryption in three main areas: Encryption Plugins, Storage Engine Encryption, and Replication Cache Encryption. For instance, the encryption algorithm used by the Encryption Plugins is configured in the "File Key Management" section of the configuration file, and is therefore configurable. The encryption algorithm used by the logs in Replication Cache Encryption is fixed at AES_ECB. The Storage Engine Encryption uses the algorithm configured in the relevant settings of the Encryption Plugins.
[0104] For example, Figure 4 illustrates another exemplary database encryption configuration method provided in this application. First, it determines whether the database is performing data encryption/decryption calculations based on the target encryption algorithm for the first time. If so, it indicates that the database has just completed the configuration of the target encryption algorithm. Therefore, the target encryption algorithm used in this instance is further designated as the global encryption algorithm for the database, and corresponding global encryption parameters are generated to mark the target encryption algorithm used. In subsequent encryption/decryption calculations of each functional module of the database, it first determines whether the global encryption algorithm is the target encryption algorithm (SM4). If so, data encryption/decryption calculations are performed based on the target encryption algorithm. If not, it indicates that the database has switched to the original encryption algorithm, and therefore, the original encryption algorithm of the database (the encryption algorithm at the process entry point) is used for encryption/decryption calculations.
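The flows of Figure 3 and Figure 4 described above, as an added Python sketch (not code from the patent or from MariaDB). The option files, key file and module table are constructed; `file_key_management_encryption_algorithm` is a real MariaDB option, but the value `SM4` is an assumed spelling for the patent's added algorithm and is not accepted by stock MariaDB.

```python
import configparser

# Constructed option files (not from the patent). "SM4" as an option value is an
# assumption standing in for the patent's added algorithm.
ORIGINAL_CNF = """\
[mariadb]
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/encryption/keyfile
file_key_management_encryption_algorithm = AES_CTR
innodb_encrypt_tables = ON
"""
TARGET_CNF = ORIGINAL_CNF.replace("AES_CTR", "SM4")

# Constructed key file in MariaDB's "<id>;<hex key>" layout: id 1 is 128-bit, id 2 is 256-bit.
KEYFILE = "1;" + "0123456789abcdef" * 2 + "\n2;" + "0123456789abcdef" * 4 + "\n"

ALGO_OPTION = "file_key_management_encryption_algorithm"
TARGET_ALGORITHM = "SM4"
TARGET_KEY_BITS = 128    # SM4 key length stated in [0096]
DEFAULT_KEY_BITS = 256   # AES default key length stated in [0096]

# Modules of the encryption/decryption system. None = follows the configured
# algorithm; a string = hard-wired algorithm (the log case described in [0103]).
MODULES = {"key_file_management": None, "storage_engine": None, "log": "AES_ECB"}


def read_encryption_params(cnf_text):
    """Steps 2031-2032: read every option, keep only the encryption-related ones."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(cnf_text)
    params = {}
    for section in parser.sections():
        for key, value in parser.items(section):
            if "encrypt" in key or key.startswith("file_key_management"):
                params[key] = value
    return params


def expected_bits(algorithm):
    """Key length an algorithm needs: 128 bits for SM4, otherwise the 256-bit default."""
    return TARGET_KEY_BITS if algorithm == TARGET_ALGORITHM else DEFAULT_KEY_BITS


def key_bits_for(params):
    """Step 2033 / Figure 3: choose the key length from the configured algorithm."""
    return expected_bits((params.get(ALGO_OPTION) or "").upper())


def parse_keyfile(text):
    """Parse '<id>;<hex key>' lines, skipping blanks and '#' comments."""
    keys = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key_id, _, hex_key = line.partition(";")
        keys[int(key_id)] = bytes.fromhex(hex_key)
    return keys


def audit_keys(keys, bits):
    """Return the ids of keys whose length does not match the required key length."""
    return sorted(k for k, v in keys.items() if len(v) * 8 != bits)


def plan_modules(params, use_global_parameter):
    """Figure 4: map each module to (algorithm, key bits supplied, key bits expected)."""
    configured = (params.get(ALGO_OPTION) or "").upper()
    supplied = key_bits_for(params)
    global_algorithm = configured if use_global_parameter else None
    plan = {}
    for module, fixed in MODULES.items():
        if global_algorithm == TARGET_ALGORITHM:
            algorithm = TARGET_ALGORITHM      # global parameter says SM4: every module uses SM4
        else:
            algorithm = fixed or configured   # otherwise the module's own entry-point algorithm
        plan[module] = (algorithm, supplied, expected_bits(algorithm))
    return plan


def mismatched(plan):
    """Modules that would be handed a key of the wrong length."""
    return sorted(m for m, (_, supplied, expected) in plan.items() if supplied != expected)


if __name__ == "__main__":
    target = read_encryption_params(TARGET_CNF)
    print("key bits:", key_bits_for(target))
    print("without global parameter:", mismatched(plan_modules(target, False)))
    print("with global parameter:   ", mismatched(plan_modules(target, True)))
    print("keys of wrong length:", audit_keys(parse_keyfile(KEYFILE), key_bits_for(target)))
```

Without the global parameter, the hard-wired log module is the one reported as receiving a key of the wrong length, which is the error case paragraph [0100] describes.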
[0105] The database encryption configuration method provided in this application involves: obtaining the target configuration requirements of the database; calling the target configuration file of the database according to the target encryption algorithm represented by the target configuration requirements; modifying the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file; and configuring the global encryption parameters of the database according to the modification result of the encryption attribute parameters, so that the database can perform data encryption and decryption based on the target encryption algorithm. The method provided above, by configuring the database with corresponding encryption on the server side according to the target configuration requirements, enables the database to support user-defined encryption requirements without changing the original functionality of the database. The client does not need to make any code modifications, reducing the development cost of the database. Furthermore, by configuring the database encryption on the server side, database-related programs can achieve transparent encryption; other programs see only ciphertext and cannot directly view it. For example, by modifying the operating system I/O driver or doing so at the operating system level, all programs can be transparently encrypted.
[0106] This application provides a database encryption configuration device for executing the database encryption configuration method provided in the above embodiments.
[0107] Figure 5 is a structural schematic of a database encryption configuration device provided in an embodiment of this application. The database encryption configuration device 50 includes: an acquisition module 501, a calling module 502, a modification module 503, and a configuration module 504.
[0108] The system includes: an acquisition module for acquiring the target configuration requirements of the database; a call module for calling the target configuration file of the database based on the target encryption algorithm represented by the target configuration requirements; a modification module for modifying the encryption attribute parameters of the database based on the target encryption algorithm parameter information represented by the target configuration file; and a configuration module for configuring the global encryption parameters of the database based on the modification results of the encryption attribute parameters of the database, so that the database can perform data encryption and decryption based on the target encryption algorithm.
[0109] Specifically, in one embodiment, the calling module is specifically used for:
[0110] Based on the target encryption algorithm characterized by the target configuration requirements, determine the target configuration file for the database;
[0111] Replace the original configuration file of the database with the target configuration file to switch the database's encryption algorithm from the original encryption algorithm to the target encryption algorithm.
[0112] Specifically, in one embodiment, the calling module is further configured to:
[0113] When the database switches from the target encryption algorithm to the original encryption algorithm, the target configuration file of the database is replaced with the original configuration file to switch the database's encryption algorithm from the target encryption algorithm to the original encryption algorithm.
[0114] Specifically, in one embodiment, the modification module is specifically used for:
[0115] Read the database configuration parameters from the target configuration file;
[0116] Filter the target encryption algorithm parameters in the configuration parameters;
[0117] Based on the target key length as represented by the target encryption algorithm parameter information, modify the encryption attribute parameters of the database; where the encryption attribute parameters include the key length.
[0118] Specifically, in one embodiment, the modification module is specifically used for:
[0119] Based on the key length represented by the target encryption algorithm parameter information, determine whether the database has adopted the target encryption algorithm;
[0120] If it is determined that the database has adopted the target encryption algorithm, modify the key length in the database's encryption attribute parameters to the target key length.
[0121] Specifically, in one embodiment, the configuration module is specifically used for:
[0122] Once the modification result of the encrypted data parameters of the database indicates that the encryption attribute parameters of the database have been modified, the global encryption parameters corresponding to the target encryption algorithm will be configured into the database's encryption and decryption system.
[0123] Specifically, in one embodiment, the configuration module is specifically used for:
[0124] When the database first performs data encryption and decryption based on the target encryption algorithm, the target encryption algorithm is used as the global encryption algorithm, and corresponding global encryption parameters are generated.
[0125] Configure global encryption parameters in the database's encryption and decryption system so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm;
[0126] The encryption/decryption system includes at least a key file management module and a database engine encryption module.
[0127] Regarding the database encryption configuration device in this embodiment, the specific methods by which each module performs operations have been described in detail in the embodiments related to the method, and will not be elaborated here.
[0128] The database encryption configuration device provided in this application embodiment is used to execute the database encryption configuration method provided in the above embodiment. Its implementation method and principle are the same, and will not be described again.
[0129] This application provides an electronic device for executing the database encryption configuration method provided in the above embodiments.
[0130] Figure 6 is a structural schematic of an electronic device provided in an embodiment of this application. The electronic device 60 includes at least one processor 61 and a memory 62.
[0131] The memory stores computer-executable instructions; at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to execute the database encryption configuration method provided in the above embodiment.
[0132] This application provides an electronic device for executing the database encryption configuration method provided in the above embodiments. Its implementation method and principle are the same, and will not be described again.
[0133] This application provides a computer-readable storage medium storing computer-executable instructions. When a processor executes the computer-executable instructions, it implements the database encryption configuration method provided in any of the above embodiments.
[0134] The storage medium containing computer-executable instructions in this embodiment can be used to store the computer-executable instructions of the database encryption configuration method provided in the foregoing embodiments. Its implementation method and principle are the same, and will not be described again.
[0135] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.
[0136] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0137] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or in a combination of hardware and software functional units.
[0138] The integrated units implemented as software functional units described above can be stored in a computer-readable storage medium. These software functional units, stored in a storage medium, include several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) or processor to execute some steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0139] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the above-described division of functional modules is merely an example. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. The specific working process of the device described above can be referred to the corresponding process in the foregoing method embodiments, and will not be repeated here.
[0140] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features therein. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of this application.
Claims
1. A database encryption configuration method, characterized in that it comprises: obtaining the target configuration requirements of the database; calling the target configuration file of the database based on the target encryption algorithm represented by the target configuration requirements; modifying the encryption attribute parameters of the database based on the target encryption algorithm parameter information represented by the target configuration file; and configuring the global encryption parameters of the database based on the modification result of the encryption attribute parameters of the database, so that the database can perform data encryption and decryption based on the target encryption algorithm; wherein the step of calling the target configuration file of the database based on the target encryption algorithm represented by the target configuration requirements includes: determining the target configuration file of the database based on the target encryption algorithm represented by the target configuration requirements; and replacing the original configuration file of the database with the target configuration file to switch the encryption algorithm of the database from the original encryption algorithm to the target encryption algorithm; the method further includes: when the database is switched from the target encryption algorithm to the original encryption algorithm, replacing the target configuration file of the database with the original configuration file so that the encryption algorithm of the database is switched from the target encryption algorithm to the original encryption algorithm; the step of configuring the global encryption parameters of the database based on the modification result of the encryption attribute parameters of the database includes: when the result of modifying the encrypted data parameters of the database indicates that the encryption attribute parameters of the database have been modified, configuring the global encryption parameters corresponding to the target encryption algorithm into the encryption and decryption system of the database; the step of configuring the global encryption parameters corresponding to the target encryption algorithm into the encryption/decryption system of the database includes: when the database first performs data encryption and decryption based on the target encryption algorithm, using the target encryption algorithm as the global encryption algorithm and generating corresponding global encryption parameters; and configuring the global encryption parameters into the encryption and decryption system of the database so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm; the encryption/decryption system includes at least a key file management module and a database engine encryption module; and in the subsequent encryption/decryption calculations of each functional module of the database, it is first determined whether the global encryption algorithm is the target encryption algorithm; if it is, the data encryption/decryption calculation is performed based on the target encryption algorithm; if it is not, this indicates that the database has switched to the original encryption algorithm, and the original encryption algorithm of the database is used for encryption/decryption calculations.
2. The method according to claim 1, characterized in that the step of modifying the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file includes: reading the database configuration parameters from the target configuration file; filtering the target encryption algorithm parameter information in the configuration parameters; and modifying the encryption attribute parameters of the database based on the target key length represented by the target encryption algorithm parameter information; wherein the encryption attribute parameters include the key length.
3. The method according to claim 2, characterized in that the step of modifying the encryption attribute parameters of the database based on the target key length represented by the target encryption algorithm parameter information includes: determining, based on the key length represented by the target encryption algorithm parameter information, whether the database has adopted the target encryption algorithm; and, if it is determined that the database has adopted the target encryption algorithm, modifying the key length in the encryption attribute parameters of the database to the target key length.
4. A database encryption configuration device, characterized in that it comprises: an acquisition module, used to acquire the target configuration requirements of the database; a calling module, used to call the target configuration file of the database according to the target encryption algorithm represented by the target configuration requirements; a modification module, used to modify the encryption attribute parameters of the database according to the target encryption algorithm parameter information represented by the target configuration file; and a configuration module, used to configure the global encryption parameters of the database according to the modification result of the encryption attribute parameters of the database, so that the database can perform data encryption and decryption based on the target encryption algorithm; wherein the calling module is specifically used for: determining the target configuration file of the database based on the target encryption algorithm represented by the target configuration requirements; and replacing the original configuration file of the database with the target configuration file to switch the encryption algorithm of the database from the original encryption algorithm to the target encryption algorithm; the calling module is also used for: when the database is switched from the target encryption algorithm to the original encryption algorithm, replacing the target configuration file of the database with the original configuration file so that the encryption algorithm of the database is switched from the target encryption algorithm to the original encryption algorithm; the configuration module is specifically used for: when the result of modifying the encrypted data parameters of the database indicates that the encryption attribute parameters of the database have been modified, configuring the global encryption parameters corresponding to the target encryption algorithm into the encryption and decryption system of the database; the configuration module is specifically used for: when the database first performs data encryption and decryption based on the target encryption algorithm, using the target encryption algorithm as the global encryption algorithm and generating corresponding global encryption parameters; and configuring the global encryption parameters into the encryption and decryption system of the database so that each functional module in the encryption and decryption system performs data encryption and decryption based on the target encryption algorithm; the encryption/decryption system includes at least a key file management module and a database engine encryption module; and in the subsequent encryption/decryption calculations of each functional module of the database, it is first determined whether the global encryption algorithm is the target encryption algorithm; if it is, the data encryption/decryption calculation is performed based on the target encryption algorithm; if it is not, this indicates that the database has switched to the original encryption algorithm, and the original encryption algorithm of the database is used for encryption/decryption calculations.
5. An electronic device, characterized in that it comprises: at least one processor and a memory; the memory stores computer-executable instructions; and the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the method as described in any one of claims 1 to 3.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions which, when executed by a processor, implement the method as described in any one of claims 1 to 3.